High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Serendipity, which can be exploited to perform SQL injection attacks.

1) SQL injection in Serendipity

1.1 Input passed via the "url" GET parameter to comment.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The following PoC (Proof of Concept) demonstrates the vulnerability:

http://[host]/comment.php?type=trackback&entry_id=1&url=%27%20OR%20mid%28version%28%29,1,1%29=5%20--%202

Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is off.
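A defender-side check for the request pattern described above, as an added example that is not part of the original advisory or of Serendipity's code: it scans web-server access-log lines for trackback requests to comment.php whose decoded "url" value is not a plain http(s) URL. The log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2013:10:00:01 +0000] "GET /comment.php?type=trackback&entry_id=1&url=http%3A%2F%2Fblog.example.org%2Fpost%2F42 HTTP/1.1" 200 312
203.0.113.9 - - [01/Jan/2013:10:00:05 +0000] "GET /comment.php?type=trackback&entry_id=1&url=%27%20OR%20mid%28version%28%29,1,1%29=5%20--%202 HTTP/1.1" 200 298
198.51.100.7 - - [01/Jan/2013:10:00:09 +0000] "GET /index.php?url=%27test HTTP/1.1" 200 5120
"""

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters a well-formed, percent-encoded trackback URL never contains
# once the query string has been decoded a single time.
SUSPICIOUS_CHARS = re.compile(r"['\"\\\s]")


def url_param_problem(value):
    """Return a reason if value is not a plain http(s) URL, else None."""
    if SUSPICIOUS_CHARS.search(value):
        return "quote, backslash or whitespace in url"
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return "not an absolute http(s) URL"
    return None


def flag_trackback_requests(log_text):
    """Return (client, decoded_url, reason) for suspicious trackback requests."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/comment.php"):
            continue
        query = parse_qs(parts.query, keep_blank_values=True)
        if query.get("type") != ["trackback"]:
            continue
        for value in query.get("url", []):
            reason = url_param_problem(value)
            if reason:
                findings.append((client, value, reason))
    return findings


if __name__ == "__main__":
    for finding in flag_trackback_requests(SAMPLE_LOG):
        print(finding)
```

A hit shows only that the parameter was probed; per the advisory, the query is affected only when "magic_quotes_gpc" is off.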
